
Project 0 Saved a User's $3M Portfolio from a Live Wallet Hack


Last week’s Drift hack reminded us of a similar incident our team dealt with recently on a more personal level.

A DeFi user urgently reached out to Project 0 after clicking a phishing link while trying to visit Raydium. Their wallet was compromised, and their funds were drained instantly.

Actually, almost all of their funds were drained.

Roughly $3 million in token value that the user had deposited into Project 0 was still there. P0 uses an evolved account architecture, and it had already thwarted the drainer function the attacker implemented.

When users reach out in situations like this, the default response, especially from off-chain products, is usually that there is nothing the team can do. P0 did not take that approach. We responded immediately.

The Problem

The P0 team was in transit for an offsite, but we stopped what we were doing, quickly huddled, and got to work. We built an account transfer tool that would allow someone with the wallet’s seed phrase to move their funds into a different account.

We tested the flow with our own money while sitting together in an airport. Building time-sensitive, on-chain recovery tooling under pressure is difficult, but the only way to move fast responsibly is to verify the product in real conditions. It worked. We then prepared a UI so the user could take advantage of the functionality.

There was one catch.

Executing the transfer required signing a transaction and paying a small network fee. In most cases, the wallet transfer tooling we built can operate seamlessly when a hacker has taken a user’s private keys and drained their funds.

But this case was different. The wallet was no longer owned by the System Program. It had been reassigned to the attacker’s custom program, which meant the user could no longer sign directly.

Our Solution

In roughly two hours, we updated the account transfer instruction to support a separate keypair as the fee payer. That allowed us to spin up and fund a third wallet to cover the transaction fee.

The transfer went through, and the funds were moved into a new account with the user’s new uncompromised wallet set as the authority.
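The fee-payer decision described above, sketched as an added example (not Project 0's code): it classifies a wallet by its on-chain owner and picks the first account that can actually pay the network fee. Assumptions: the `owner`, `lamports` and `space` fields follow the Solana JSON-RPC `getAccountInfo` result, the wallet's key still signs to authorize the transfer, and all addresses, balances, the fee amount and the function names are constructed for illustration.

```javascript
// Added example: choose a fee payer for a recovery transaction from
// getAccountInfo-style results. Addresses and balances below are constructed.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";

function classifyWallet(info) {
  if (info === null) return "missing"; // never funded, or closed
  return info.owner === SYSTEM_PROGRAM_ID ? "system-owned" : "reassigned";
}

// Conservative rule: a fee payer must be owned by the System Program, carry
// no account data, and hold enough lamports for the fee.
function canPayFees(info, feeLamports) {
  return classifyWallet(info) === "system-owned" &&
         info.space === 0 &&
         info.lamports >= feeLamports;
}

// accounts[0] is the wallet whose key authorizes the transfer (assumption);
// the rest are fallback fee payers (hypothetical helper wallets), tried in order.
function planRecovery(accounts, feeLamports) {
  const wallet = accounts[0];
  const payer = accounts.find(a => canPayFees(a.info, feeLamports));
  if (!payer) throw new Error("no account can pay the fee; fund a helper wallet");
  return {
    walletState: classifyWallet(wallet.info),
    feePayer: payer.address,
    // Fee payer is listed first; the Set collapses the case where the
    // wallet can pay its own fee.
    signers: [...new Set([payer.address, wallet.address])],
  };
}

// Constructed sample: a wallet reassigned to another program still holds
// lamports, but cannot be selected as fee payer.
const reassignedWallet = {
  address: "WALLET_PLACEHOLDER",
  info: { owner: "ATTACKER_PROGRAM_PLACEHOLDER", lamports: 2_000_000, space: 0 },
};
const helperWallet = {
  address: "HELPER_PLACEHOLDER",
  info: { owner: SYSTEM_PROGRAM_ID, lamports: 50_000, space: 0 },
};

console.log(planRecovery([reassignedWallet, helperWallet], 10_000));
```

A `"reassigned"` result is also a useful triage signal on its own: an owner other than the System Program on what should be a plain wallet means the account was handed to another program.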

Most DeFi protocols cannot do what we did here. There is no team to call, no lever to pull, and no one writing custom code in real time because your portfolio is on the line.

We built Project 0 around the idea that users should have the tools they need to manage their DeFi portfolios. But believing in self-sovereignty does not mean leaving users on their own when something goes wrong.

At Project 0, we are building a platform that gives users complete control over their portfolio, with the support to match. As last week’s Drift hack reminded everyone, that means fast, technical responses when users are in trouble, not just a good UI when things are going well.

If you’re managing meaningful capital on-chain, you should know who is behind the product you’re using.

Try Project 0 today at 0.xyz ->

